Hello,
I'm working on a Zapier OAuth 2.0 implementation and I need to use a custom variable from the
Authorization URL step in the Access Token Request step. Is this possible?
Please see attachments for more details.
Alright, thank you for your answer.
I’m concerned this approach will circumvent the security provided by PKCE. If you have enough control over your auth provider to implement a non-standard flow like this, I’d imagine you have enough control to enable the standard client-id/client-secret configuration instead. And this would be my recommendation until Zapier adds proper PKCE support to its OAuth implementation.
Note that your Zapier integration is not a public client, in OAuth 2 authorization code flow terms. Check out environment variables as a secure way to configure, store, and use client id and secret. PKCE provides a clever way to secure public OAuth 2 authorization code flow clients, like mobile apps and single page apps, where that’s not possible.
Yeah, I have to use PKCE to call some endpoints which necessitate more privileges.
Maybe I can pass the code_verifier (encrypted, of course) in the URI and retrieve it via bundle.inputData or something like that?
What do you think?
I’m assuming this is for PKCE support? Unfortunately, I think you’re going to be blocked right now. Earlier discussion on the topic here:
Does the API you’re using give you the option of client id/secret only, or is it forcing you to implement PKCE?